[PATCH v8 07/27] mbedtls: Enable smaller implementation for SHA256/512

Ilias Apalodimas ilias.apalodimas at linaro.org
Mon Oct 14 20:01:38 CEST 2024 

On Fri, 4 Oct 2024 at 00:55, Raymond Mao <raymond.mao at linaro.org> wrote:
>
> Smaller implementation for SHA256 and SHA512 helps to reduce the
> ROM footprint though it has a certain impact on performance.
> As a trade-off, enable it as a default config when MbedTLS is
> enabled can reduce the target size significantly with acceptable
> performace loss.
>
> Signed-off-by: Raymond Mao <raymond.mao at linaro.org>
> ---
> Changes in v6
> - Initial patch
> Changes in v7
> - Fixed the config dependencies.
> Changes in v8
> - None
>
>  lib/mbedtls/Kconfig              | 24 ++++++++++++++++++++++++
>  lib/mbedtls/mbedtls_def_config.h |  6 ++++++
>  2 files changed, 30 insertions(+)
>
> diff --git a/lib/mbedtls/Kconfig b/lib/mbedtls/Kconfig
> index 262abb2cec7..8e3a94c6f2b 100644
> --- a/lib/mbedtls/Kconfig
> +++ b/lib/mbedtls/Kconfig
> @@ -164,6 +164,18 @@ config SHA256_MBEDTLS
>           This option enables support of hashing using SHA256 algorithm
>           with MbedTLS crypto library.
>
> +if SHA256_MBEDTLS
> +
> +config SHA256_SMALLER
> +       bool "Enable SHA256 smaller implementation with MbedTLS crypto library"
> +       depends on SHA256_MBEDTLS
> +       default y if SHA256_MBEDTLS
> +       help
> +         This option enables support of hashing using SHA256 algorithm
> +         smaller implementation with MbedTLS crypto library.
> +
> +endif
> +
>  config SHA512_MBEDTLS
>         bool "Enable SHA512 support with MbedTLS crypto library"
>         depends on MBEDTLS_LIB_CRYPTO && SHA512
> @@ -172,6 +184,18 @@ config SHA512_MBEDTLS
>           This option enables support of hashing using SHA512 algorithm
>           with MbedTLS crypto library.
>
> +if SHA512_MBEDTLS
> +
> +config SHA512_SMALLER
> +       bool "Enable SHA512 smaller implementation with MbedTLS crypto library"
> +       depends on SHA512_MBEDTLS
> +       default y if SHA512_MBEDTLS
> +       help
> +         This option enables support of hashing using SHA512 algorithm
> +         smaller implementation with MbedTLS crypto library.
> +
> +endif
> +
>  config SHA384_MBEDTLS
>         bool "Enable SHA384 support with MbedTLS crypto library"
>         depends on MBEDTLS_LIB_CRYPTO && SHA384
> diff --git a/lib/mbedtls/mbedtls_def_config.h b/lib/mbedtls/mbedtls_def_config.h
> index 6fba053bd7c..1af911c2003 100644
> --- a/lib/mbedtls/mbedtls_def_config.h
> +++ b/lib/mbedtls/mbedtls_def_config.h
> @@ -35,6 +35,9 @@
>  #if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
>  #define MBEDTLS_SHA256_ALT
>  #endif
> +#if CONFIG_IS_ENABLED(SHA256_SMALLER)
> +#define MBEDTLS_SHA256_SMALLER
> +#endif
>  #endif
>
>  #if CONFIG_IS_ENABLED(SHA384)
> @@ -48,6 +51,9 @@
>  #if defined CONFIG_MBEDTLS_LIB_CRYPTO_ALT
>  #define MBEDTLS_SHA512_ALT
>  #endif
> +#if CONFIG_IS_ENABLED(SHA512_SMALLER)
> +#define MBEDTLS_SHA512_SMALLER
> +#endif
>  #endif
>
>  #if defined CONFIG_MBEDTLS_LIB_X509
> --
> 2.25.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>

More information about the U-Boot mailing list